Understanding Network Representation For Networks


Network architects and administrators must be able to show what their networks will look like. They need to be able to easily see which components connect to other components, where they will be located, and how they will be connected. Diagrams of networks often use symbols, like those shown in the figure, to represent the different devices and connections that make up a network.

Image shows symbols used in network diagrams. At the top are the following end devices: desktop computer, laptop, printer, IP phone, wireless tablet, and TelePresence endpoint. In the middle are the following intermediary devices: wireless router, LAN switch, router, multilayer switch, and firewall appliance. At the bottom are the following network media: blue waves depicting wireless media, a solid black line depicting LAN media, and a red lighting bolt depicting WAN media.


A diagram provides an easy way to understand how devices connect in a large network. This type of “picture” of a network is known as a topology diagram. The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network.

In addition to these representations, specialized terminology is used to describe how each of these devices and media connects to each other:

  • Network Interface Card (NIC) – A NIC physically connects the end device to the network.
  • Physical Port – A connector or outlet on a networking device where the media connects to an end device or another networking device.
  • Interface – Specialized ports on a networking device that connect to individual networks. Because routers connect networks, the ports on a router are referred to as network interfaces.

Note: The terms port and interface are often used interchangeably.

Topology diagrams are mandatory documentation for anyone working with a network. They provide a visual map of how the network is connected. There are two types of topology diagrams: physical and logical.


Physical Topology Diagrams

Physical topology diagrams illustrate the physical location of intermediary devices and cable installation, as shown in the figure. You can see that the rooms in which these devices are located are labelled in this physical topology.


The physical network topology shows six rooms, each highlighted in a light yellow box, with various networking devices and cabling. On the left side is the server room labelled room 2158. It contains a router labelled R1 mounted on rack 1 shelf 1 with six cable connections. A cable at the top connects to a cloud labelled Internet. A cable to the left connects to a switch labelled S1 mounted on rack 1 shelf 2. S1 is connected to three servers: a web server mounted on rack 2 shelf 1, an email server mounted on rack 2 shelf 2, and a file server mounted on rack 2 shelf 3. A cable connected to the bottom of R1 connects to a switch labelled S2 mounted on rack 1 shelf 3. S2 has two connections leading to a printer and a PC in the IT office labelled room 2159.


R1 has three cables to the right connected to three switches located in room 2124. The top switch is labelled S3 and mounted on rack 1 shelf 1. The middle switch is labelled S4 and mounted on rack 1 shelf 2. The bottom switch is labelled S5 and mounted on rack 1 shelf 3. S3 has a cable on the left connected to a laptop in a room labelled class 1 room 2125. S4 has a cable on the left connected to a laptop in a room labelled class 2 room 2126. S5 has a cable on the left connected to a laptop in a room labelled class 3 room 2127.


Logical Topology Diagrams

Logical topology diagrams illustrate devices, ports, and the addressing scheme of the network, as shown in the figure. You can see which end devices are connected to which intermediary devices and what media is being used.

The logical network topology shows devices, port labels, and the network addressing scheme. In the middle of the picture is a router labelled R1. A port labelled G0/0 connects to a cloud at the top labelled Internet. A port labelled G0/1 connects at the left to a switch labelled S1 at port G0/1. S1 is connected to three servers. S1 and the servers are highlighted in a light yellow circle with the network 192.168.10.0 written at the top. Port F0/1 on S1 connects to a web server. Port F0/2 on S1 connects to an email server. Port F0/3 on S1 connects to a file server. Port F0/1 on R1 connects at the bottom to a switch labelled S2. S2 connects to a printer and a PC, all of which are highlighted in a light yellow circle with the network 192.168.11.0 written on the bottom.


At the left of R1 are three additional connections, each connecting to a switch at port G0/1 which is then connected to a laptop at port F0/1. Each switch and laptop are highlighted in yellow and the network address is shown. Port G0/0 of R1 connects at the top to a switch labelled S3 on network 192.168.100.0. Port G1/1 of R1 connects in the middle to a switch labelled S4 on network 192.169.101.0. Port G1/2 on R1 connects at the bottom to a switch labelled S5 on network 192.168.102.0.


The topologies shown in the physical and logical diagrams are appropriate for your level of understanding at this point in the course. Search the internet for “network topology diagrams” to see some more complex examples. If you add the word “Cisco” to your search phrase, you will find many topologies using icons that are similar to what you have seen in these figures.

Networks of Many Sizes

Now that you are familiar with the components that make up networks and their representations in physical and logical topologies, you are ready to learn about the many different types of networks.

Networks come in all sizes. They range from simple networks consisting of two computers to networks connecting millions of devices.

Simple home networks let you share resources, such as printers, documents, pictures, and music, among a few local end devices.

Small office and home office (SOHO) networks allow people to work from home or a remote office. Many self-employed workers use these types of networks to advertise and sell products, order supplies and communicate with customers.


Businesses and large organizations use networks to provide consolidation, storage, and access to information on network servers. Networks provide email, instant messaging, and collaboration among employees. Many organizations use their network’s connection to the internet to provide products and services to customers.


The internet is the largest network in existence. In fact, the term internet means a “network of networks”. It is a collection of interconnected private and public networks.

In small businesses and homes, many computers function as both the servers and clients on the network. This type of network is called a peer-to-peer network.


Small Home Networks

Small home networks connect a few computers to each other and to the internet.

small home network consisting of a monitor, computer tower, keyboard, mouse, speakers, and printer located in a cabinet

LANs and WANs

Network infrastructures vary greatly in terms of:

  • Size of the area covered
  • Number of users connected
  • Number and types of services available
  • Area of responsibility

The two most common types of network infrastructures are Local Area Networks (LANs), and Wide Area Networks (WANs). A LAN is a network infrastructure that provides access to users and end devices in a small geographical area. A LAN is typically used in a department within an enterprise, a home, or a small business network. A WAN is a network infrastructure that provides access to other networks over a wide geographical area, which is typically owned and managed by a larger corporation or a telecommunications service provider. The figure shows LANs connected to a WAN.


The network topology shows three LANs connected via a WAN link in the centre. A legend shows that LANs are highlighted in yellow and WANs in light purple. The WAN is located in the centre of the diagram. It contains a cloud symbol labelled cloud with red WAN connections to three routers. Each router is located partly in the WAN and partly in a LAN. At the bottom left is the Central LAN. It contains a server, two multilayer switches, two LAN switches, and four PCs. At the bottom right is the Branch LAN. It contains a switch, a server, a printer, two IP phones each connected to a PC, and a wireless access point with wireless connections to a laptop and a smartphone. At the top right is the home office LAN. It contains a wireless router with a wired connection to a printer and wireless connections to a laptop and a monitor.


LANs

A LAN is a network infrastructure that spans a small geographical area. LANs have specific characteristics:

  • LANs interconnect end devices in a limited area such as a home, school, office building, or campus.
  • A LAN is usually administered by a single organization or individual. Administrative control is enforced at the network level and governs the security and access control policies.
  • LANs provide high-speed bandwidth to internal end devices and intermediary devices, as shown in the figure.

The diagram is an illustration of a LAN. At the centre of the diagram is a switch. There are four Ethernet connections on the switch. At the top left is a connection to a PC. Below that is a connection to the computer at the desk of a worker. Below that is another connection to the computer at the desk of a worker. At the bottom left is a connection to an IP phone. To the right of the switch is a connection to a server. The text under the figure reads: a network serving a home, small building, or a small campus is considered a LAN.

WANs

The figure shows a WAN which interconnects two LANs. A WAN is a network infrastructure that spans a wide geographical area. WANs are typically managed by service providers (SPs) or Internet Service Providers (ISPs).

WANs have specific characteristics:

  • WANs interconnect LANs over wide geographical areas such as between cities, states, provinces, countries, or continents.
  • WANs are usually administered by multiple service providers.
  • WANs typically provide slower speed links between LANs.

The figure shows two branch LANs connected via a WAN link. Both LANs are highlighted in a light yellow box and consist of a central switch connected to three PCs, an IP phone, a server, and a router. The two routers are connected via a red WAN link. On the left is the branch 1 LAN and on the right is branch 2 LAN.

The Three-Layer Network Design Model

The campus wired LAN uses a hierarchical design model to separate the network topology into modular groups or layers. Separating the design into layers allows each layer to implement specific functions, which simplifies the network design. This also simplifies the deployment and management of the network.

The campus wired LAN enables communications between devices in a building or group of buildings, as well as interconnection to the WAN and Internet edge at the network core.


A hierarchical LAN design includes the access, distribution, and core layers as shown in the figure.

The figure shows two internet clouds at the top. Each cloud connects to two routers, one on the left and one on the right. Below the routers are two layer 3 switches within a box labelled core layer. Each router connects to each of the switches. The switches also have multiple lines between them with a circle around the lines. Below these two switches are two more switches within a box labelled distribution layer. Each of the top switches connects to each of the two switches below them.


Below the distribution layer switches are three layer 2 switches and two access points within a box labelled access layer. Each access layer switch has a connection to each of the distribution layer switches. Each access point connects to just one of the access layer switches. Below the access layer box are two wireless tablets. Each wireless tablet connects wirelessly to a wireless AP. Also below the access layer box are four IP phones. Each phone has a PC attached. One phone connects to the left access layer switch, two phones connect to the middle access layer switch, and the last phone connects to the last access layer switch.


Hierarchical Design Model

Each layer is designed to meet specific functions.

The access layer provides endpoints and users direct access to the network. The distribution layer aggregates access layers and provides connectivity to services. Finally, the core layer provides connectivity between distribution layers for large LAN environments. User traffic is initiated at the access layer and passes through the other layers if the functionality of those layers is required.


Even though the hierarchical model has three layers, some smaller enterprise networks may implement a two-tier hierarchical design. In a two-tier hierarchical design, the core and distribution layers are collapsed into one layer, reducing cost and complexity.


The figure shows two internet clouds at the top. Each cloud connects to two routers, one on the left and one on the right. Below the routers are two layer 3 switches within a box labelled collapsed core. Each router connects to each of the switches. Below the collapsed core box are three layer 2 switches and two access points. Each switch has a connection to each of the switches within the collapsed core box. Each access point connects to just one of the access layer switches. Below the collapsed core box are two wireless tablets. Each wireless tablet connects wirelessly to a wireless AP. Also below the collapsed core box are four IP phones. Each phone has a PC attached. One phone connects to the left access layer switch, two phones connect to the middle access layer switch, and the last phone connects to the last access layer switch.


In flat or meshed network architectures, changes tend to affect a large number of systems. Hierarchical design helps constrain operational changes to a subset of the network, which makes the network easier to manage and improves resiliency. Modular structuring of the network into small, easy-to-understand elements also facilitates resiliency through improved fault isolation.
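The fault-isolation argument above can be checked mechanically. The following added example (not code from the original post or from Cisco) models the three-tier figure as a graph with constructed device names (R1, R2 for the routers, C1/C2 core, D1/D2 distribution, A1 to A3 access, AP1/AP2), then reports which single device failure cuts an access-layer device off from the core and which links skip a layer.

```python
from collections import defaultdict

CORE = {"C1", "C2"}
EDGE = ["A1", "A2", "A3", "AP1", "AP2"]              # access switches and APs
LAYERS = {"C1": "core", "C2": "core", "D1": "distribution", "D2": "distribution",
          "A1": "access", "A2": "access", "A3": "access", "AP1": "edge", "AP2": "edge"}

def build_three_tier():
    """Links as drawn in the figure: routers into both core switches, a core
    link pair, full mesh core<->distribution and distribution<->access,
    and each AP single-homed to one access switch (names are constructed)."""
    links = [("R1", "C1"), ("R1", "C2"), ("R2", "C1"), ("R2", "C2"), ("C1", "C2")]
    links += [(c, d) for c in ("C1", "C2") for d in ("D1", "D2")]
    links += [(d, a) for d in ("D1", "D2") for a in ("A1", "A2", "A3")]
    return links + [("AP1", "A1"), ("AP2", "A3")]

def adjacency(links, removed=frozenset()):
    """Adjacency sets with the failed devices in `removed` taken out."""
    adj = defaultdict(set)
    for a, b in links:
        if a not in removed and b not in removed:
            adj[a].add(b)
            adj[b].add(a)
    return adj

def reaches(adj, start, targets):
    """Depth-first search: can `start` still reach any node in `targets`?"""
    seen, stack = {start}, [start]
    while stack:
        node = stack.pop()
        if node in targets:
            return True
        for nxt in adj[node]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return False

def single_points_of_failure(links, edge, core):
    """Map each non-core device to the edge devices that lose every path to
    the core when that one device fails (empty map = no single point)."""
    candidates = {n for link in links for n in link} - set(core)
    spof = {}
    for dev in sorted(candidates):
        adj = adjacency(links, {dev})
        cut = [e for e in edge if e != dev and not reaches(adj, e, core)]
        if cut:
            spof[dev] = cut
    return spof

def layer_violations(links, layers):
    """Links that skip a layer (e.g. an access switch wired straight into the core)."""
    order = {"core": 0, "distribution": 1, "access": 2, "edge": 3}
    return [(a, b) for a, b in links
            if a in layers and b in layers and abs(order[layers[a]] - order[layers[b]]) > 1]

def run_demo():
    links = build_three_tier()
    degraded = [l for l in links if l != ("D2", "A2")]     # A2 loses its second uplink
    return {"designed": single_points_of_failure(links, EDGE, CORE),
            "degraded": single_points_of_failure(degraded, EDGE, CORE),
            "skip": layer_violations(links + [("C1", "A2")], LAYERS)}
```

In the designed topology the only single points of failure are the access switches for their single-homed APs; dropping one uplink of A2 makes D1 a single point of failure for it, which is the kind of drift a hierarchy review should catch.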

Firewalls

Typically, a firewall with two interfaces is configured as follows:

  • Traffic originating from the private network is permitted and inspected as it travels toward the public network. Inspected traffic returning from the public network and associated with traffic that originated from the private network is permitted.
  • Traffic originating from the public network and traveling to the private network is generally blocked. 


Demilitarized zone

A demilitarized zone (DMZ) is a firewall design where there is typically one inside interface connected to the private network, one outside interface connected to the public network, and one DMZ interface, as shown in the figure.

  • Traffic originating from the private network is inspected as it travels toward the public or DMZ network. This traffic is permitted with little or no restriction. Inspected traffic returning from the DMZ or public network to the private network is permitted.
  • Traffic originating from the DMZ network and traveling to the private network is usually blocked.
  • Traffic originating from the DMZ network and traveling to the public network is selectively permitted based on service requirements.
  • Traffic originating from the public network and traveling toward the DMZ is selectively permitted and inspected. This type of traffic is typically email, DNS, HTTP, or HTTPS traffic. Return traffic from the DMZ to the public network is dynamically permitted.
  • Traffic originating from the public network and traveling to the private network is blocked.

Zone-Based Policy Firewall

Zone-based policy firewalls (ZPFs) use the concept of zones to provide additional flexibility. A zone is a group of one or more interfaces that have similar functions or features. Zones help you specify where a Cisco IOS firewall rule or policy should be applied. In the figure, security policies for LAN 1 and LAN 2 are similar and can be grouped into a zone for firewall configurations. By default, the traffic between interfaces in the same zone is not subject to any policy and passes freely. However, all zone-to-zone traffic is blocked. In order to permit traffic between zones, a policy allowing or inspecting traffic must be configured.

The only exception to this default deny any policy is the router self zone. The self zone is the router itself and includes all the router interface IP addresses. Policy configurations that include the self zone would apply to traffic destined to and sourced from the router. By default, there is no policy for this type of traffic. Traffic that should be considered when designing a policy for the self zone includes management plane and control plane traffic, such as SSH, SNMP, and routing protocols.

Common Security Architectures

Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic. Some designs are as simple as designating an outside network and inside network, which are determined by two interfaces on a firewall.

Here are three common firewall designs.

  • Private and Public
  • Demilitarized Zone
  • Zone-Based Policy Firewalls

As shown in the figure, the public network (or outside network) is untrusted, and the private network (or inside network) is trusted.


The private and public figure shows a cloud within a circle labelled public (untrusted). The cloud connects to a firewall via S0/0/0. The G0/0 firewall port connects to a circle labelled VLAN 1 private (trusted) that has a server and two PCs on it. There is an arrow going from the private circle to the public circle with HTTP, SMTP, and DNS on it. There is another arrow going from the public circle to the private circle with the words no access.
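The two-interface, DMZ and zone-based designs described above all reduce to the same decision logic: intra-zone traffic passes, zone pairs without a policy are denied (except the router self zone), and an inspect policy records the flow so its return traffic is admitted. The following added example (not code from the original post, and not Cisco IOS configuration) is a small policy simulator that encodes the DMZ bullets; the zone names, addresses and the DMZ-to-public service set are constructed assumptions.

```python
from collections import namedtuple

# A packet as the policy engine sees it: the zones of its ingress and egress
# interfaces, addresses, protocol and ports (all values below are constructed).
Packet = namedtuple("Packet", "src_zone dst_zone src dst proto sport dport")

class ZoneFirewall:
    def __init__(self):
        self.policies = {}     # (src_zone, dst_zone) -> (action, services or None)
        self.sessions = set()  # flows admitted by an "inspect" policy

    def add_policy(self, src_zone, dst_zone, action, services=None):
        """action: 'inspect' (stateful) or 'pass' (stateless);
        services: set of (proto, dport) tuples, None meaning any service."""
        self.policies[(src_zone, dst_zone)] = (action, services)

    def check(self, p):
        if p.src_zone == p.dst_zone:          # same zone: no policy applies
            return "permit"
        reverse = (p.dst_zone, p.src_zone, p.dst, p.src, p.proto, p.dport, p.sport)
        if reverse in self.sessions:          # reply to an inspected flow
            return "permit-return"
        policy = self.policies.get((p.src_zone, p.dst_zone))
        if policy is None:                    # default deny, except the self zone
            return "permit" if "self" in (p.src_zone, p.dst_zone) else "drop"
        action, services = policy
        if services is not None and (p.proto, p.dport) not in services:
            return "drop"                     # zone pair allowed, this service is not
        if action == "inspect":
            self.sessions.add((p.src_zone, p.dst_zone, p.src, p.dst, p.proto, p.sport, p.dport))
        return "permit"

def build_dmz_firewall():
    """Zone pairs following the DMZ bullets above; dmz->inside and
    outside->inside get no policy and so fall to default deny."""
    fw = ZoneFirewall()
    fw.add_policy("inside", "outside", "inspect")
    fw.add_policy("inside", "dmz", "inspect")
    fw.add_policy("outside", "dmz", "inspect", {("tcp", 25), ("udp", 53), ("tcp", 80), ("tcp", 443)})
    fw.add_policy("dmz", "outside", "inspect", {("udp", 53), ("tcp", 25)})  # assumed service needs
    return fw

def run_demo():
    fw = build_dmz_firewall()
    r = {}
    r["web"] = fw.check(Packet("outside", "dmz", "203.0.113.7", "192.0.2.10", "tcp", 40001, 443))
    r["ssh"] = fw.check(Packet("outside", "dmz", "203.0.113.7", "192.0.2.10", "tcp", 40002, 22))
    r["dmz_to_inside"] = fw.check(Packet("dmz", "inside", "192.0.2.10", "10.0.0.5", "tcp", 5000, 445))
    r["pc"] = fw.check(Packet("inside", "outside", "10.0.0.5", "198.51.100.1", "tcp", 50000, 80))
    r["mgmt"] = fw.check(Packet("inside", "self", "10.0.0.5", "10.0.0.1", "tcp", 50001, 22))
    # replies swap zones, addresses and ports
    r["web_reply"] = fw.check(Packet("dmz", "outside", "192.0.2.10", "203.0.113.7", "tcp", 443, 40001))
    r["pc_reply"] = fw.check(Packet("outside", "inside", "198.51.100.1", "10.0.0.5", "tcp", 80, 50000))
    r["unsolicited"] = fw.check(Packet("outside", "inside", "198.51.100.1", "10.0.0.5", "tcp", 80, 50002))
    return r
```

Note that the unsolicited public-to-private packet is dropped even though it looks like a reply, because no inspected session matches it; that distinction between stateful return traffic and new inbound connections is what the two-interface design relies on.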

About the author: Adeniyi Salau